Pretty Advanced New Stuff from CCG Consulting

Main menu

Who Owns IoT Data?

The press has been full of discussion over the last month with numerous articles about Internet privacy. Recent moves by the FCC and Congress have opened the doors for ISPs to track and monetize customer data.

But there is another, possibly bigger source of data that nobody is talking about. I ask the question today about who owns data from the Internet of Things? Our homes are starting to fill up with devices that have the ability to monitor our behavior in numerous ways. Currently there are no specific laws governing the collection and use of this data.

For example, there are now many kinds of devices that listen to conversations in our homes – the one thing that most people probably consider as private and personal. A few years ago we learned that Samsung TVs were capable of hearing all conversations in the room. It was reported at Christmas time that there are now dolls that listen to everything said and send the conversations to the cloud. Millions have invited talking personal assistants into their homes and business in the form of Amazon Echo or the numerous other devices hitting the markets. And many more millions now use Apple’s Siri when driving their cars. And those are just the devices that listen to us today. It’s expected that within the next few years that many electronic devices will be voice activated and monitored in the cloud.

But there are numerous other kinds of devices that can spy on us. Security systems can track every movement of people within a home, and scientists say that understanding people’s movements says a lot about them – including things we might not even understand. When motion sensors get coupled with video cameras the security concerns get even scarier.

But monitoring our IoT can be even simpler than that and seem somewhat innocuous. Numerous manufacturers of appliances plan to include IoT monitoring capability so that they can understand how we use their products. You wouldn’t think that there is much to be worried about if your new blender tells the factory exactly how and when you use it. But if these companies decide to monetize the data they are collecting they could sell it to somebody that collects and collates data from all of our devices – and that aggregator could paint an incredibly detailed picture of our lives.

All of these devices will report back to the cloud using either WiFi or cellular connections, and that means the IoT data will always flow through an ISP on the way to the cloud. One would hope that much of this data will be encrypted, but if not then our ISPs might be the ones using big data analytics to paint a detailed picture of each of us.

From a legal perspective there is no clear answer about who owns this kind of data. Data from IoT devices are not specifically covered under current intellectual property laws. And that’s what makes this all murky. We provide personal data to outsiders in different ways, which might eventually make a legal difference. For example, any time we voluntarily give somebody access to data then they gain a right to use it. We all do this all of the time when we sign up for social media platforms or smartphone apps.

But the situation is probably different when we didn’t specifically grant any approval to use our data. I don’t expect that I am going to be required to sign a terms of service to use a new TV, a smart washer or a blender. In that case there can be a stronger argument made that such data belongs to the customer unless they grant specific approval to use it.

Things get even messier when we start looking at metadata. This is composite data that combines data from multiple people into a jumbled pile. But burying personal data inside metadata does not mean that people can’t be identified from the pile of data – it just means that it’s a bit harder to do.

At some point this is going to have to be addressed legally. Right now, without specific laws controlling this kind of data it’s a no man’s land. It’s hard to think that a court today would know what to do with a complaint that a vendor somehow violated us by using our data.